Boozt Fashion AB (556710-4699) (hereafter us, we or our) is the data controller (responsible) for the processing of your personal data as described in this policy. If you have any questions about how we process data about you, don't hesitate to contact us at firstname.lastname@example.org or by other means, see contact details below.
This policy applies to all personal data collected through Boozt.com and Booztlet.com. All contact with us with regard to processing of your personal data will be handled by Boozt Fashion AB, the owner of these two brands. This naturally means that we use the same systems and customer service to help our customers.
We care about your privacy and want to be transparent in what way we process your personal data. Here you can read about the information we collect, how we process the information, and who has access to it.
We only process your personal data when we have a specific purpose of doing so and when that purpose is fulfilled, we will delete the data unless it is further processed for another reason as described below.
Our processing of your personal data is governed by the EU General Data Protection Regulation (GDPR) and national data protection legislation.
Information we collect about you and from where
Why we process your personal data
We process your personal data mainly for reasons connected to you being a customer and fulfilling our commitment to you. Beside the contractual requirements we also process data for the following purposes. We are trying our best to describe the purposes as concise and clear as possible, but please ask us if you want any more information.
We create individual customer profiles based on collected data about you, across various data sources/categories, e.g. browsing behaviour together with your purchases and information you have supplied (e.g., favourite brand and favourite products). We combine and analyse this data for the purpose of improving your experience at our websites, evaluate your email responses and to tailor personal offers and services, after you have given your consent to this or after our thorough consideration, as described below.
The identification of buying patterns that must be considered abnormal and beyond the scope of what we consider to be acceptable buying behaviour and buying culture is discovered through an algorithm based on a number of different parameters. If a customer is identified by the algorithm, we will personally evaluate on a case-by-case basis whether that customer's order should be rejected by us - either temporarily or permanently. We do this because you have a right not to be subject to a decision based solely on automated processing.
If you want to receive personally tailored offers and information about campaigns that we think you like, you can give us your consent and then we will send you inspiration and offers by mail and SMS, based upon the information we have about your purchase preferences.
In order for us to administer and ship your goods and receive payment in return, some personal data about you is obviously needed.
We also have an obligation to provide customer service (via email, chat or phone) under our terms, and to administer your account.
To evaluate and assess abuse of our Fair Use policy, we will process some of your personal data. If we have reasonable suspicion that there is abuse, excessive/pathological buying behaviour on the part of the customer, or that a customer is a professional trader with the explicit intention to resell items bought from Boozt, we reserve the right to reject the order with reference to our Fair Use policy. You can read more about this in our Sales and Delivery Conditions.
When you browse around on our website we will keep track of which products you have looked at in order for us to tailor inspiration to you as well as make it easy for you to find what you've previously shown an interest in.
If you are already a customer of Boozt we will also take into account your previous purchases when showing inspiration and offers specifically for you.
If you initiate a purchase with us and add products to your cart, but do not continue to complete the purchase, we can send a reminder by email to you. We do this so that you will not have to start over from scratch, but you may at any time choose to not receive such communications by disabling it through your account.
To keep both you and us safe, we process personal data to administrate, operate and maintain our websites and systems. We also comply with aggregated statistics about the site usage and purchases to improve our understanding of our customers preferences and for developing new functions.
To be able to establish, exercise or defend legal claims in connection to fraud. As well as to prevent misuse of our services or to avoid, prevent and investigate crimes against us.
We also need to process personal data about you in order to fulfil legal obligations, such as the Swedish Bookkeeping Act, legislation concerning consumer rights and product safety.
For how long do we process your personal data
We will retain your personal information for the period necessary to fulfil the purpose of the processing. We have highlighted the most common and important processing activities performed and its retention period, below.
To show inspiration based on your browsing history and purchases.
3 years after your last activity, e.g. purchase, communication or visit to our website.
Processing for direct marketing purposes will no longer take place after an objection from you.
Marketing from Boozt via email and SMS, based on your consent.
We process information for this purpose about you as long as it is relevant and useful to produce offers and information that suits you particularly well, but only as long as we have your consent (that is, until you withdraw your consent).
You can easily give and withdraw your consent to direct marketing through your profile.
As long as provided for by the legal obligation in question (e.g. 7 years according to bookkeeping legislation).
3 years after your last contact with customer service, or longer if we have a legitimate interest to establish, exercise or defend legal claims.
3 years from the date the customer was in breach of our Fair Use policy, or in exceptional cases longer, in which case you will be informed of this specifically.
Who do we share your personal data with
When we use a subcontractor to process your personal data for purposes described in this policy and under our responsibility, we will first sign a Data Processing Agreement (DPA) with them. The DPA gives instructions on confidentiality and security and limits the processing to what is strictly needed. These companies are not allowed to process your data for any other purpose. We use the following types of processors.
Storage, hosting and other IT-services
Communication, such as tailored emails and texts (SMS) where such interests you
In the event that personal data becomes available in an area outside of the EU / EEA, in a so-called “third country”, you can read about how we, through further agreements and measures, protect your personal data in the section with the same name, below.
After careful consideration, we may also use services from, or enter into cooperation with, companies where the processing of your personal data, after our collection, wholly or partly is controlled by this party and under their responsibility. This applies to processing that takes place in connection with:
Transportation and distribution, that is, to ensure that the goods you ordered arrive to you safely and quickly
- Marketing if you have given consent to cookies for this purpose.
When your personal data is transferred to another controller, it is important to us that you are aware of when and to whom, so that you have the possibility to contact these companies and ask about how they process your data, and to make sure you are able to exercise your rights under GDPR. We do this, for example, when you order a delivery, by clearly referring to the respective shipping company, or when using a payment service by putting pressure on the payment solutions that are made available to provide information themselves about what information they need to secure a payment and how you can ask questions about this.
All recipients who act as their own Data Controller are responsible to give you the necessary information about their processing.
Public authorities and transfers based on legal obligations
If we are obliged to share your personal data with tax authorities, the police or anyone else due to a legal obligation, we will of course do so
Third country transfers
GDPR is perfectly aligned with our own values and the companies we share information with. However, in some cases, the best suppliers as well as some of our partners, are found outside of the EU. To not deprive us, or you, of these possibilities, we will occasionally use a sub-contractor outside of the EU/EEA. This puts extra demands on us to ensure that the processing of personal data is given protection which is equivalent to what you could expect if it took place in the EU, through contracts and technical measures. With that said, we would like to draw your attention to the fact that even in countries such as the USA, national legislation does not meet the requirements that are now set within the EU. This means that no matter how careful we are when choosing companies to collaborate with or engage for basic functions such as storage and communication, and despite the fact that we are constantly working to secure the processing that takes place outside the EU through agreements, there is a chance that a foreign security service is listening in. Both legislators and the companies we work with are currently searching for the best ways to make these transfers and processing overseas safer. The EU has developed so-called “standard contractual clauses”, abbreviated SCC, based on the EU commissions’ proposal, which are often part of – but not the whole - solution. We use subcontractors and have partners outside EU/EEA within the following functions:
We will continue to monitor the situation, to keep you informed and further update our protection when possible.
We promise to keep this policy updated and you are most welcome to ask questions about this at any time. If you want to receive a copy of the documentation regarding these safety measures, you are welcome to contact us.
Right to access
If you want to access the information we process about you - we have created an automatic way for you to perform a personal data access request – you can find it in your account under My Profile – Collect personal data. Otherwise, please contact us at: email@example.com.
As a customer, you are entitled to access your collected data categories (article 15) and you may object to the registration pursuant to the relevant rules in the EU legislation General Data Protection Regulation (GDPR). Upon appropriate request, we will update, change or remove personal information that we control with reservation against violating any legislation or our continued legitimate interest.
We can reject requests that are unreasonably repeated, demand disproportional high technical intervention (e.g. development of a new system or changing an existing process substantially), or which affects another individual’s rights and freedoms.
Since you only have the right to access your own personal data we cannot share information that includes details about someone else (respecting his or her rights). Therefore, you may not receive all personal data you have requested, but we will in such a case provide you with a description of which information we can't hand out and the reason for it.
Right to rectification
If your personal data is inaccurate or incorrect you can contact us, and we will make sure your information will be updated and correct. Upon request, we will update, change or delete your personal data that we process, subject to personal data that still needs to be processed on the basis of a legal obligation or our continued legitimate interest.
Right to erasure
You have a right to be forgotten, which means we shall delete your data if any of the following grounds applies:
This right shall not apply if the processing is necessary for the establishment, exercise or defence of legal claims.
If you want to delete your account, you are able to do so when you are logged in and then go to My Profile and click “Delete account”. This will delete your profile and all of the other settings within your account, but of course we will keep your order history if you need help with a return errand, warranty or customer service of any kind in the future. As well as any personal data required to fulfil legal obligations or for our continued legitimate interest, for example to safeguard our Fair Use policy.
Right to restriction of processing
You have the right to obtain restriction of our processing where one of the following applies:
Right to data portability
You have the right to data portability, which means you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and transmit it to another company without hindrance from us, if the processing is based on your consent or on a contract and the processing is carried out by automated means, and as long as this does not adversely affect the rights and freedoms of others.
Right to object
For any processing we base upon our legitimate interest you have the right to object, at any time. We then have to demonstrate a compelling legitimate ground for the processing which override your interest, rights and freedoms, or the personal data is needed for the establishment, exercise or defence of legal claims. Otherwise, we have to terminate the processing.
If your personal data is processed for direct marketing purposes, you have the right to object and we will then end the processing.
Organisational and technical security measures
GDPR requires your personal information to be kept secure and confidential. We store your personal data on servers with high levels of security, which are located in controlled facilities, and our security is checked regularly to determine whether our user information is handled securely and always taking your rights as a user into account.
Updates to this policy
The rapid development in the digital and technical field means that changes to our processing of personal data may be necessary. We thus reserve the right to update and amend these guidelines for the processing of personal data. You can always find the current policy at our website. In case of substantial changes, we will notify you in the form of a visible notice on our websites.
Questions and complaints
We are happy to help you if you have any questions about how we process your personal data. If you feel we have let you down in any way, not meet your request or treated your data unlawfully you have the right to submit a complaint about this to the national Supervisory Authority in your country:
You can contact us via:
By phone: +46 10 138 83 36
Or by post:
Boozt Fashion AB
Attn: Customer Service
Hyllie Boulevard 35
215 37 Malmö
Thank you for visiting Boozt.com or Booztlet.com (‘the websites’) operated by Boozt Fashion AB (556710-4699), Boozt Fashion AB Hyllie Boulevard 35 Malmö, SE-215 37, Sweden (hereafter us, we or our).
Phone: +46 10 138 83 36
Or by letter:
Boozt Fashion AB
Attn: Customer Service
Hyllie Boulevard 35
215 37 Malmö
What is a cookie?
A cookie is a small text file that via your browser is stored on your computer or device when you visit websites. Cookies make it possible to collect certain information, including information about which pages and functions you visit and use.
Some cookies are technically necessary for functions you use on the websites (for example so that we can store the contents of your shopping cart), but others are used for other purposes (for example for compiling statistics). In the next section, you can read more about which cookies can be used.
There are basically two main types of cookies - 'temporary' and 'permanent':
In the table in the section below, it is stated for each cookie whether it is a temporary cookie (session cookie) or a more permanent cookie, which expires after a specified period of time.
A distinction is also made between 'first-party cookies' and 'third-party cookies'. First-party cookies are those that we apply ourselves, while third-party cookies are applied by a third party who has elements embedded in the website that is visited. In the table in the section below you can see which cookies are applied by us and which cookies are applied by a third party.
Which cookies do we use?
Below you will find detailed information about each cookie, including the provider of the cookie, the purpose and duration:
Withdrawal of your consent
You can withdraw or change your consent to cookies at any time by clicking on the link 'Update cookie settings' at the bottom of the website, where you can again select or deselect cookies. However, the cookies that are technically necessary for the website's function ‘necessary cookies' cannot be deselected.
If you choose to withdraw your consent or delete / block cookies, you must be aware that this (depending on the type of cookie) may impair the user experience on the website.
Processing of your personal data